- Description
- Unspecified vulnerability in the Oracle Document Capture component in Oracle Fusion Middleware 10.1.3.4 and 10.1.3.5 allows remote attackers to affect confidentiality via unknown vectors related to Import Server. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from the original researcher that remote attackers can read arbitrary files via a full pathname in the first argument to the ImportBodyText method in the EasyMail ActiveX control (emsmtp.dll).
- Source
- secalert_us@oracle.com
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 7.8
- Impact score
- 6.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:C/I:N/A:N
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:fusion_middleware:10.1.3.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "62C295FB-3AFC-4051-AA7F-9BC8B56B4501"
},
{
"criteria": "cpe:2.3:a:oracle:fusion_middleware:10.1.3.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "17FCAA6C-F1A6-469D-9449-9A99D3E70A70"
}
],
"operator": "OR"
}
]
}
]